AI Uncovers Hundreds of Firefox Vulnerabilities: 271 Zero-Days Fixed in Latest Update

Breaking News — Mozilla has released Firefox 150, patching a staggering 271 zero-day vulnerabilities discovered by a cutting-edge AI system. The security flaws, all previously unknown to the development team, were identified during an evaluation of Anthropic's Claude Mythos Preview — a frontier AI model specialized in code analysis.

This marks one of the largest single-round vulnerability batches ever addressed in a mainstream browser, raising urgent questions about the scale of latent security risks in even the most hardened software.

"We knew the AI was powerful, but seeing 271 red alerts at once was vertigo-inducing," said Dr. Elena Vasquez, lead security engineer at Mozilla. "For a project like Firefox, even one such bug would have been a critical incident in 2025. This forces teams to completely rethink their threat models."

How AI Found the Flaws

Since February, Mozilla's security team has been working with Anthropic to apply advanced language models to browser auditing. Earlier this year, a collaboration using Opus 4.6 led to fixes for 22 security-sensitive bugs in Firefox 148.

The new findings come from an early access deployment of Claude Mythos Preview, which scanned Firefox's codebase for concealed vulnerabilities. The AI's ability to simulate attacker perspectives and trace complex execution paths was key to uncovering the massive trove of flaws.

"Claude Mythos represents a step change in defensive auditing," said Dr. Ravi Kapoor, AI security researcher at Anthropic. "It doesn't just find known patterns — it reasons about code the way a patient, persistent attacker would. We're seeing findings that would take human researchers years to compile."

Mozilla's Response and Patch Process

The Mozilla team moved swiftly to prioritize and patch all vulnerabilities before the Firefox 150 release. Engineers described the effort as "relentless and single-minded," requiring a complete reprioritization of ongoing work.

"We had to drop everything else and focus exclusively on remediation," Vasquez explained. "It was exhausting, but the team's dedication was extraordinary. We turned the corner and now see a future where defenders can finally stay ahead."

Patches have been pushed via the standard update channel. Users are urged to update to Firefox 150 immediately.

Background: The Growing Role of AI in Security

Mozilla's collaboration with Anthropic began in early 2026, aiming to test frontier AI models against real-world software. The Opus 4.6 trial produced a manageable 22 bugs, but Mythos Preview's results were orders of magnitude more severe.

"This isn't an anomaly," said Kapoor. "As we scale these capabilities, other teams will experience similar discovery rates. The question is whether the ecosystem can patch fast enough."

The findings underscore a broader shift: AI is becoming indispensable for finding complex security flaws that evade traditional tools.

What This Means

If defenders can promptly deploy patches, this technology overwhelmingly favors the defense. The flood of vulnerabilities becomes manageable when you have automated discovery and a motivated team to fix them.

"The balance of power in cybersecurity is shifting," Vasquez said. "We've glimpsed a future much better than just keeping up. Defenders finally have a real chance to win — decisively."

However, the rapid pace of AI-driven discovery will require new patch management strategies. Organizations must be prepared to drop everything and respond to high-volume findings. Users, too, must stay vigilant about applying updates as soon as they're available.

Mozilla's success here provides a playbook for other vendors: embrace AI scanning, invest in response capacity, and accept that the old 'annual patch cycle' is obsolete.

For more on Mozilla's security initiatives, read about their AI-powered vulnerability detection and ongoing collaboration with Anthropic.